OpenSC up to 0.20.0 Oberthur Smart Card Software Driver sc_oberthur_read_file buffer overflow


A vulnerability has been found in OpenSC up to 0.20.0 and classified as critical. This vulnerability affects the function sc_oberthur_read_file of the component Oberthur Smart Card Software Driver. Upgrading to version 0.21.0-rc1 eliminates this vulnerability.

| Field | 11/15/2020 10:20 AM | 11/16/2020 05:05 PM | 11/16/2020 05:11 PM |
|---|---|---|---|
| date | 1601972563 (10/06/2020) | 1601972563 (10/06/2020) | 1601972563 (10/06/2020) |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss2_vuldb_basescore | 4.9 | 4.9 | 4.9 |
| cvss2_vuldb_tempscore | 4.9 | 4.9 | 4.9 |
| cvss3_vuldb_basescore | 5.5 | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.5 | 5.5 | 5.5 |
| cvss3_meta_basescore | 5.5 | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.5 | 5.5 | 5.5 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| url | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 0.21.0-rc1 | 0.21.0-rc1 | 0.21.0-rc1 |
| cve | CVE-2020-26570 | CVE-2020-26570 | CVE-2020-26570 |
| name | OpenSC | OpenSC | OpenSC |
| version | <=0.20.0 | <=0.20.0 | <=0.20.0 |
| component | Oberthur Smart Card Software Driver | Oberthur Smart Card Software Driver | Oberthur Smart Card Software Driver |
| function | sc_oberthur_read_file | sc_oberthur_read_file | sc_oberthur_read_file |
| cwe | 120 (memory corruption) | 120 (memory corruption) | 120 (memory corruption) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss2_nvd_basescore | 2.1 | 2.1 | 2.1 |
| cvss3_nvd_basescore | 5.5 | 5.5 | 5.5 |
| cve_assigned | | 1601935200 | 1601935200 |
| cve_nvd_summary | | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. |
| cvss3_nvd_av | | | L |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | L |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | N |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | L |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | N |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | P |
